Jan 31 2012

Phony ICC Promotion Award

Nothing can be more enticing than to be chosen for some free goodies—be it mementos, a cash prize, or a ticket to watch a game. It gets even more interesting if you are from a cricket crazy continent and suddenly, out of the blue, you receive an email saying that you are “the chosen one”!

What would you do? At first thought you would pounce on the opportunity, like a jungle tiger does its prey. But hang on a second! What you might be thinking is an opportunity of a lifetime, sadly, is just the opposite. Let me put it bluntly: if you have received such an email, you are “the chosen prey”. And if you decide to reply to it, then you could be in for some big trouble!

Millions of people get scammed every day with such fantastic offers. The sad part of the story is that many get plundered in this game. Scammers put in a lot of planning before sending out such emails. Upcoming events are focused upon, strategies are formalized, and emails are drafted—all keeping in mind the target audience.

Last year, we reported a fake ticket scam for the 2011 ICC Cricket World Cup held in India. This year, scammers have revisited the continent with Sri Lanka in mind (the place where the destiny of cricketing nations will be decided). You guessed it right—it is the 2012 ICC World Twenty20 tournament to be held in September 2012. We certainly feel this will not be the last spam campaign to be seen for this tournament.

Let’s analyze one email scam sample. From the email headers, we find this message does not originate from the ICC in any way:

The contents of the email are actually found in the PDF attachment:

The content inside the PDF attachment has all the characteristics of an email scam. It announces that the email account of the recipient has been chosen randomly and has won a prize of 75,000 Euro. (Without user participation in any lottery! Surprising, isn’t it?) This award is called the “International Cricket Council (ICC) Promotion New Year Award 2012”, which is obviously imaginary. There is also a form to be filled in with details like name, date of birth, address, and banking-related information. Amusingly, this mail also includes a logo which claims this payment is considered risk free by all financial service providers. Along with the risk-free tag, a barcode is added towards the end of the document to make it look genuine. In addition, they have added the event logo of the tournament, inviting users to register for official travel packages to Sri Lanka.

Users should not believe or communicate with senders of these types of email notifications. This warning also applies to similar SMS texts sent to mobile phone users. Do not trust such emails without verifying the sender. Such messages are never “risk free”.

See the Symantec Intelligence Report for best practices for consumers.

Jan 31 2012

Google to Censor Blogger Blogs on a ‘Per Country Basis’

Google has quietly announced changes to its Blogger free-blogging platform that will enable the blocking of content only in countries where censorship is required.

Twitter announced technology last week addressing the same topic. It said it had acquired the ability to censor tweets only in the countries where they were ordered removed, instead of on an internet-wide basis.

Twitter’s announcement via its blog sparked a huge online backlash. The microblogging service was accused of becoming a censoring agent.

Yet Google’s announcement three weeks ago — buried in a Blogger help page — went unnoticed until it was highlighted by TechDows on Tuesday.

Google wrote Jan. 9 it would begin redirecting Blogger traffic to country-specific URLs, meaning whatever country you’re in, you’ll get that country’s domain for Blogger-hosted blogs.

TechDows reports that this is now happening in India, for example. So when you’re there and click on a Blogger blog, the URL will end in .in.

Doing that, Google wrote, means content can be removed “on a per country basis.”

“Migrating to localized domains will allow us to continue promoting free expression and responsible publishing while providing greater flexibility in complying with valid removal requests pursuant to local law,” Google wrote.

Twitter did not announce how its new technology functions, but said Twitter has the ability to remove tweets only in countries where that content was barred.

Jan 31 2012

Megaupload Server Purge Delayed

A scheduled purging of Megaupload’s data was tentatively shelved Tuesday to give its millions of account holders an opportunity to attempt to retrieve their content from the file-sharing service, whose top officials were indicted on criminal copyright charges.

The authorities shuttered the Hong Kong-based site Jan. 19, and indicted seven of its top officials in what the Justice Department said was “among the largest criminal copyright cases ever brought by the United States.”

As part of its prosecution, the government had copied an undisclosed amount of data from Megaupload’s servers in the United States.

The entire contents of Megaupload were set to be purged later this week by Carpathia and Cogent, two of Megaupload’s U.S.-based server hosts. The United States has frozen Megaupload’s assets, and it has been unable to pay its hosting bill, said Ira Rothken, Megaupload’s attorney.

Rothken said in a telephone interview he is negotiating with the government to unfreeze Megaupload assets to keep Megaupload’s servers active so the company can “deliver consumer data back to consumers.” He said the two companies have agreed not to purge data for at least two weeks.

The Electronic Frontier Foundation said Tuesday it would assist those attempting to retrieve their data, but could not promise results to the estimated 150 million account holders.

Julie Samuels, an EFF attorney, said in a telephone interview it was unclear what data the authorities copied from Megaupload’s servers, and said it was too early to say what access the authorities have to data uploaded by individual account holders.

Jay Prabhu, chief of the Justice Department’s Cybercrime Unit, said in a court filing that search warrants authorized the government to seize “selected data.”

Megaupload’s terms of service inform account holders that they “have no proprietary interest in any of the files on Megaupload’s servers” and that “Megaupload can terminate site operations without prior notice.”

The government said the site facilitated copyright infringement of movies “often before their theatrical release, music, television programs, electronic books, and business and entertainment software on a massive scale.” The government said Megaupload’s “estimated harm” to copyright holders was “well in excess of $500 million.”

A five-count indictment from the Eastern District of Virginia was unsealed two weeks ago, when the Justice Department said it seized 18 domains in all connected to Megaupload. The agency said it executed more than 20 search warrants in the United States and eight countries, seizing $50 million in assets.

Megaupload, which often charges its 150 million registered members for its file-sharing service, was on the recording and movie industries’ most-hated lists, often being accused of facilitating wanton infringement of their members’ copyrights. The indictment claims it induced users to upload copyrighted works for others to download, and that it often failed to comply with removal notices from rights holders under the Digital Millennium Copyright Act.

According to the indictment, the defendants generated revenue through subscriptions and online advertising. Subscriptions cost as “little as a few dollars a day” or $260 per lifetime. The indictment claimed the site took in $150 million in subscription fees overall and $25 million in advertising over a five-year period.

The indicted include:

* Kim Dotcom, 37, of New Zealand and Hong Kong, Megaupload founder.
* Finn Batato, 38, of Germany, chief marketing officer.
* Julius Bencko, 35, of Slovakia, graphic designer.
* Sven Echternach, 39, of Germany, head of business development.
* Mathias Ortmann, 40, of Germany and Hong Kong, chief technical officer, co-founder and director.
* Andrus Nomm, 32, of Turkey and Estonia, software programmer.
* Bram van der Kolk, aka Bramos, 29, of the Netherlands and New Zealand, programmer.

Dotcom, van der Kolk, Batato and Ortmann all were denied bail last week in Auckland, New Zealand, where they were arrested. The government is seeking to extradite them to the United States. The others remain at large.

Jan 31 2012

Carder Forced Gang Members to Have Sex to Weed Out Undercover Feds

The mastermind of a carding gang in Georgia devised a novel way for weeding out undercover Feds from his operation — he forced members to have group sex, according to a local police detective who helped bust the ring.

Vikas Yadav, an Indian national who was deported in 2010, recruited other carders and mules through sadomasochism web sites, forcing would-be accomplices to have group sex with other men and women while Yadav videotaped them, according to the Athens Banner-Herald.

“Anyone who wanted in with [Yadav] would have to have three-way sex, either with other men or women, but Vikas had to be involved and he would record it all and save the recordings so he could watch it on his big flatscreen TV,” Athens-Clarke Police Detective Beverly Russell recently revealed to the paper.

Authorities say a TV in his upscale Athens, Georgia, bedroom was rigged to a pair of hard drives capable of holding 12 terabytes of data.

Three of his main conspirators — Dashun McQuiller, Shaun Grittner, and Dwight Riddick, a former New York City police officer — were sentenced in federal court this month.

Yadav’s descent into crime was steep. He initially came to the U.S. to earn a master’s degree at the University of Georgia’s College of Pharmacy, which he did in 2004, but he was expelled from a doctoral program in 2005 after he was caught plagiarizing.

He subsequently went to work at a liquor store, where his crime spree began. Authorities say he installed a recording device on the store’s card reader to capture account numbers and PINs and would then encode the information onto blank cards to withdraw cash from accounts or purchase flatscreen TVs and other big-ticket items that were then re-sold for cash.

“He had dealers lined up who placed orders for specific items, like 50 to 60 flatscreen TVs of a certain size and brand,” Russell told the paper. “It’s not like he sent people randomly to go to the store. He had shopping lists with items already lined up to buy.”

Yadav was arrested in August 2008 outside a Walmart in Mississippi, according to a court document, after the store manager called police about a suspicious transaction and provided the license number of an Enterprise rental van. When police pulled the van over, they found a stack of credit and gift cards on the car’s dashboard with Yadav’s name on them and a duffel bag containing a laptop and accessories for encoding data onto blank cards. The van was filled with multiple televisions, Wii game consoles and other electronics.

Back in Georgia, authorities were aided in their investigation when a rental truck arrived at Yadav’s home at the same time police were on his street searching for his address. The truck, driven by accomplice Riddick, was crammed with newly purchased TVs.

The Athens paper describes Yadav’s crime ring as a multi-million-dollar operation, but it appears he was never charged with most of his crimes. Court records show proceedings for him only on a limited number of charges in Mississippi, with losses amounting to only about $30,000. The documents don’t mention Yadav’s bizarre work requirement for accomplices, but according to the Athens paper, Detective Russell learned about it from Yadav’s accomplices.

Threat Level could not reach Detective Russell for comment.

Riddick pleaded guilty to interstate transportation of stolen property and was sentenced to two years of probation. McQuiller and Grittner pleaded guilty to conspiracy to defraud, and were sentenced to 30 months and 10 months in prison, respectively.

Yadav pleaded guilty in Mississippi to access device fraud and was sentenced to one year in prison. According to the Athens paper, he was deported.